CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
A vulnerability in OpenSSL, known as DROWN, was disclosed on Mar 1, 2016 by openssl.org. OpenSSL 1.0.1s, used by IBM Tivoli Composite Application Manager for Transactions, has addressed this vulnerability.
CVE-ID: CVE-2016-0800
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions. Known as DROWN. Using a server that supports SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle, an attacker could exploit this vulnerability to decrypt TLS sessions between clients and NON-vulnerable servers.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111139 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
IBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple sub components (Agents). Only the Internet Service Monitoring component (ISM – Agent code ‘IS’) is affected.
Versions:
· 7.4 – Affected by CVEs (CVE-2016-0800)
· 7.3 – Affected by CVEs (CVE-2016-0800)
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
7.4.0.1-TIV-CAMIS-IF0003 | 7.4.0.1 | None | http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002582 |
7.3.0.1-TIV-CAMIS-IF0037 | 7.3.0.1 | None | http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002628 |
For older versions of IBM Tivoli Composite Application Manager for Transactions (e.g. 7.1 and 7.2), IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None known
CPE
Name | Operator | Version |
---|---|---|
tivoli composite application manager for transactions | eq | 7.4 |